sen-material: slides/slides01.tex@036a762b02cf

\documentclass[dvipsnames,14pt,t, xelatex]{beamer}
\usepackage{../slides}
\usepackage{../graphics}
\usepackage{../langs}

\setmonofont[Scale=.88]{Consolas}
\newfontfamily{\consolas}{Consolas}

\hfuzz=220pt 

% beamer stuff 
\renewcommand{\slidecaption}{SEN 01, King's College London}

\lstset{language=JavaScript,
        style=mystyle,
        numbersep=0pt,
        numbers=none,
        xleftmargin=0mm}

\begin{document}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}
\frametitle{%
  \begin{tabular}{@ {}c@ {}}
  \LARGE Security Engineering (1)\\[-3mm] 
  \end{tabular}}

  \begin{center}
  \includegraphics[scale=0.3]{../pics/barrier.jpg}
  \end{center}

  \normalsize
  \begin{center}
  \begin{tabular}{ll}  
  Email:  & christian.urban at kcl.ac.uk\\
  Office: & S1.27 (1st floor Strand Building)\\
  Slides: & KEATS
  \end{tabular}
  \end{center}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}

\begin{center}
\includegraphics[scale=0.5]{../pics/barrier.jpg}
\end{center}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}
\frametitle{This is a Misconception!}

\begin{center}
\includegraphics[scale=0.55]{../pics/cryptographic-small.png}
\end{center}

\centering
\begin{bubble}[10cm]
\small
There is some consensus that the NSA can probably not
brute-force magically better than the ``public''. 
\end{bubble}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
The content of this course is very much inspired by the work of 
three people:\bigskip

\small
\begin{center}
\begin{tabular}{ccc}
\includegraphics[scale=1.4]{../pics/schneier.png} &
\includegraphics[scale=0.103]{../pics/ross.jpg} &
\includegraphics[scale=0.2]{../pics/halderman.jpg} \\
Bruce Schneier & Ross Anderson & Alex Halderman\\
\tiny\url{en.wikipedia.org/wiki/Bruce_Schneier} & 
\tiny\url{www.cl.cam.ac.uk/~rja14} & 
\tiny\url{jhalderm.com}
\end{tabular}
\end{center}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]

\alert{\bf Security engineers} require a particular \alert{\bf mindset}:
\bigskip\medskip

\begin{overlayarea}{\textwidth}{5cm}
\small
\only<1>{\begin{bubble}[10cm]
``Security engineers --- at least the good ones --- see
the world differently. They can't walk into a store without
noticing how they might shoplift. They can't use a computer
without wondering about the security vulnerabilities. They
can't vote without trying to figure out how to vote twice.
They just can't help it.''\\
\hfill{}---Bruce Schneier
\end{bubble}}%
\only<2>{\begin{bubble}[10.5cm]
``Security engineering\ldots requires you to think
differently. You need to figure out not how something works,
but how something can be made to not work. You have to imagine
an intelligent and malicious adversary inside your system
\ldots, constantly trying new ways to
subvert it. You have to consider all the ways your system can
fail, most of them having nothing to do with the design
itself. You have to look at everything backwards, upside down,
and sideways. You have to think like an alien.''\hfill{}---Bruce Schneier
\end{bubble}}
\end{overlayarea}

\begin{flushright}
\includegraphics[scale=0.0087]{../pics/schneierbook1.jpg}\;
\includegraphics[scale=0.0087]{../pics/schneierbook2.jpg}\;
\includegraphics[scale=0.23]{../pics/schneierbook3.jpg}\;
\includegraphics[scale=0.85]{../pics/schneier.png}
\end{flushright}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Breaking Things}

For example:

\begin{center}
\begin{bubble}[10cm]\small
Prof.~V.~Nasty gives the following final exam question (closed books, 
closed notes):\bigskip

\noindent
\begin{tabular}{@ {}l}
Write the first 100 digits of $\pi$:\\
3.\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_
\end{tabular}
\end{bubble}
\end{center}

How can you cheat in this exam and how can you defend against such cheating?

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}
\frametitle{\textcolor{red}{Warning}}
\small

\begin{itemize}
\item<1-> I will be teaching techniques that can be used to
      compromise security and privacy. 
\end{itemize}

\onslide<2->{
\begin{itemize}
\item Donâ€™t be evil! 
\only<3>{\item Using those techniques in the real world may
violate the law or Kingâ€™s rules, and it may be unethical.}
\only<3>{\item Under some circumstances, even probing for weaknesses of a
system may result in severe penalties, up to and including
expulsion, fines and jail time.} 
\only<3>{\item Acting lawfully and ethically is \underline{your} responsibility.} 
\only<4>{\item Ethics requires you to
refrain from doing harm.} 
\only<4>{\item \underline{Always} respect privacy and rights of
others.} 
\only<4>{\item Do not tamper with any of King's systems.} 
\only<5>{\item If you try
out a technique, always make doubly sure you are working in a
safe environment so that you cannot cause any harm, not even
accidentally.} 
\only<5>{\item Don't be evil. Be an \underline{ethical} hacker.}
\end{itemize}}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Secure Systems}

For a secure system, four requirements need to come 
together:

\begin{itemize}
\item {\bf Policy}\\
  {\small What is supposed to be achieved?}
\item {\bf Mechanism}\\
  {\small Cipher, access controls, tamper resistance, \ldots} 
\item {\bf Assurance}\\
  {\small The amount of reliance you can put on the mechanism.}
\item {\bf Incentive}\\
  {\small The motive that the people guarding and maintaining the 
  system have to do their job properly, and also the motive 
  that the attackers have to try to defeat your policy.}
\end{itemize}



\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Chip-and-PIN}

\begin{center}
\includegraphics[scale=0.3]{../pics/creditcard1.jpg}\;
\includegraphics[scale=0.3]{../pics/creditcard2.jpg}
\end{center}

\begin{itemize}
\item Chip-and-PIN was introduced in the UK in 2004
\item before that customers had to sign a receipt\bigskip
\item \bf Is Chip-and-PIN a more secure system?
\end{itemize}

\begin{flushright}
\small\textcolor{gray}{(some other countries still use the old method)}
\end{flushright}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Yes \ldots}

\ldots if you believe the banks:\bigskip

\begin{bubble}[10cm] 
\small ``Chip-and-PIN is so effective in this country [UK]
that fraudsters are starting to move their activities
overseas,''\smallskip\\ 
\hfill{}said some spokesman for Lloyds TSB\\ 
\hfill(in The Guardian, 2006)
\end{bubble}\bigskip


\begin{itemize}
\item mag-stripe cards cannot be cloned anymore
\item stolen or cloned cards need to be used abroad 
\item fraud on lost, stolen and counterfeit credit 
cards was down \pounds{60m} (24\%) on 2004's figure
\end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{But let's see}


\begin{textblock}{1}(3,4)
\begin{tabular}{c}
\includegraphics[scale=0.3]{../pics/bank.png}\\[-2mm]
\small Bank
\end{tabular}
\end{textblock}

\begin{textblock}{1}(7,4.5)
\begin{tabular}{c}
\includegraphics[scale=3]{../pics/store.png}\\[-2mm]
\end{tabular}
\end{textblock}

\begin{textblock}{1}(4.5,9.9)
\begin{tabular}{c}
\includegraphics[scale=0.16]{../pics/rman.png}\\[-1mm]
\small customer / you
\end{tabular}
\end{textblock}  

\only<2->{
\begin{textblock}{1}(4.5,7.5)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {};
  \draw[white] (1,-1) node (Y) {};
  \draw[red, ->, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}}

\only<3->{
\begin{textblock}{1}(6.8,7.5)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {};
  \draw[white] (1,1) node (Y) {};
  \draw[red, ->, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}

\begin{textblock}{1}(4.8,5.9)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {};
  \draw[white] (1.4,0) node (Y) {};
  \draw[red, <->, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}}

\only<4->{  
\begin{textblock}{1}(12,6.5)
\begin{tabular}{c}
\includegraphics[scale=0.8]{../pics/factory.png}\\[-1mm]
\small card\\[-2mm]\small terminal\\[-2mm] \small producer
\end{tabular}
\end{textblock}
  
\begin{textblock}{1}(10,7)
  \begin{tikzpicture}[scale=1.6]
  \draw[white] (0,0) node (X) {};
  \draw[white] (-1,0.6) node (Y) {};
  \draw[red, ->, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}}  
  
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Chip-and-PIN}

\begin{itemize}
\item A ``tamperesitant'' terminal playing Tetris on 
\href{http://www.youtube.com/watch?v=wWTzkD9M0sU}{youtube}.\smallskip\\
\footnotesize(\url{http://www.youtube.com/watch?v=wWTzkD9M0sU})
\end{itemize}
 
\includegraphics[scale=0.2]{../pics/tetris.jpg}
  
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}
\frametitle{Chip-and-PIN}

\begin{itemize}
\item in 2006, Shell petrol stations stopped accepting Chip-and-PIN after 
  \pounds{1M} had been stolen from customer accounts\smallskip 
\item in 2008, hundreds of card readers for use in Britain, Ireland, 
  the Netherlands, Denmark, and Belgium had been expertly tampered with 
  shortly after manufacture so that details and PINs of credit cards 
  were sent during the 9 months before over mobile phone networks 
  to criminals in Lahore, Pakistan
\end{itemize}
  
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Chip-and-PIN is Broken}

\begin{flushright}
\includegraphics[scale=0.01]{../pics/andersonbook1.jpg}\;
\includegraphics[scale=1.5]{../pics/anderson.jpg}
\end{flushright}

\begin{itemize}
\item man-in-the-middle attacks by the group around Ross Anderson\medskip
\end{itemize}

\begin{center}
\mbox{}\hspace{-20mm}\includegraphics[scale=0.5]{../pics/chip-attack.png}
\end{center}

\begin{textblock}{1}(11.5,13.7)
\begin{tabular}{l}
\footnotesize on BBC Newsnight\\[-2mm] 
\footnotesize in 2010 or 
\href{http://www.youtube.com/watch?v=JPAX32lgkrw}{youtube}
\end{tabular}
\end{textblock}
  
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{\Large Chip-and-PIN is Really Broken}

\begin{flushright}
\includegraphics[scale=0.01]{../pics/andersonbook1.jpg}\;
\includegraphics[scale=1.5]{../pics/anderson.jpg}
\end{flushright}

\begin{itemize}
\item same group successfully attacked in 2012 card readers and ATM machines
\item the problem was: several types of ATMs generate poor random numbers, 
  which are used as nonces
\end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{The Real Problem \ldots}

\begin{textblock}{1}(3,4)
\begin{tabular}{c}
\includegraphics[scale=0.3]{../pics/bank.png}\\[-2mm]
\small Bank
\end{tabular}
\end{textblock}

\begin{textblock}{1}(7,4.5)
\begin{tabular}{c}
\includegraphics[scale=3]{../pics/store.png}\\[-2mm]
\end{tabular}
\end{textblock}

\begin{textblock}{1}(12,6.5)
\begin{tabular}{c}
\includegraphics[scale=0.8]{../pics/factory.png}\\[-1mm]
\small terminal\\[-2mm] \small producer
\end{tabular}
\end{textblock}

\begin{textblock}{1}(4.5,9.9)
\begin{tabular}{c}
\includegraphics[scale=0.13]{../pics/rman.png}\\[-1mm]
\small customer / you
\end{tabular}
\end{textblock}  
  
\begin{textblock}{1}(4.5,7.5)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {};
  \draw[white] (1,-1) node (Y) {};
  \draw[gray, ->, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}

\begin{textblock}{1}(6.8,7.5)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {};
  \draw[white] (1,1) node (Y) {};
  \draw[gray, ->, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}

\begin{textblock}{1}(4.8,5.9)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {};
  \draw[white] (1.4,0) node (Y) {};
  \draw[gray, <->, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}

\begin{textblock}{1}(10,7)
  \begin{tikzpicture}[scale=1.6]
  \draw[white] (0,0) node (X) {};
  \draw[white] (-1,0.6) node (Y) {};
  \draw[gray, ->, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}  
  
\begin{textblock}{14}(1,13.5)
\begin{itemize}
\item the burden of proof for fraud and financial liability was shifted to the costumer (until approx.~2009/10)
\end {itemize} 
\end{textblock}
  
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{The Bad Guy Again}

\begin{bubble}[10.5cm]
\small
The anonymous hacker from earlier:\medskip\\ ``Try to use
`Verified-By-Visa' and `Mastercard-Securecode' as rarely as
possible. If only your CVV2 code is getting sniffed, you are
not liable for any damage, because the code is physically
printed and could have been stolen while you payed with your
card at a store. Same applies if someone cloned your CC
reading the magnetic stripe or sniffing RFID. Only losing your
VBV or MCSC password can cause serious trouble.''\\
\hfill{}\url{www.goo.gl/UWluh0}
\end{bubble}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     



%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Being Screwed Again}

\begin{flushright}
\includegraphics[scale=0.3]{../pics/rbssecure.jpg}
\end{flushright}

\begin{itemize}
\item {\bf Responsibility}\\
``You understand that you are financially responsible for all uses 
of RBS Secure.''\medskip\\
\footnotesize\url{https://www.rbssecure.co.uk/rbs/tdsecure/terms_of_use.jsp}
\end{itemize}
  
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Web Applications}

\begin{textblock}{1}(2,5)
\begin{tabular}{c}
\includegraphics[scale=0.15]{../pics/servers.png}\\[-2mm]
\small Servers from\\[-2mm] 
\small Dot.com Inc.
\end{tabular}
\end{textblock}

\begin{textblock}{1}(5.6,6)
  \begin{tikzpicture}[scale=2.5]
  \draw[white] (0,0) node (X) {};
  \draw[white] (1,0) node (Y) {};
  \only<2>{\draw[red, <-, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{GET request}] at ($ (X)!.5!(Y) $) {};}
  \only<3>{\draw[red, ->, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{webpage}] at ($ (X)!.5!(Y) $) {};}
  \only<4>{\draw[red, <-, line width = 2mm] (X) -- (Y);
  \node [inner sep=7pt,label=above:\textcolor{black}{POST data}] at ($ (X)!.5!(Y) $) {};}
  \end{tikzpicture}
\end{textblock}


\begin{textblock}{1}(9,5.5)
\begin{tabular}{c}
\includegraphics[scale=0.15]{../pics/laptop.png}\\[-2mm]
\small Client(s)
\end{tabular}
\end{textblock}
  
\begin{textblock}{13}(1,13)  
\begin{itemize}
\item What are pitfalls and best practices?
\end{itemize}  
\end{textblock}
  
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{JavaScript + Node.js}

A simple response from the server:

\small
\lstinputlisting{../progs/ap0.js}
\medskip\pause

\small
alternative response:\smallskip\\


\lstinline{response.write('<H1>Hello World</H1>');}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   



%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]

\footnotesize
\lstinputlisting{../progs/ap1.js}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Cookies}

\begin{textblock}{1}(1.5,5)
\begin{tabular}{c}
\includegraphics[scale=0.15]{../pics/servers.png}\\[-2mm]
\small Servers from\\[-2mm] 
\small Dot.com Inc.
\end{tabular}
\end{textblock}

\begin{textblock}{1}(5.6,5.6)
  \begin{tikzpicture}[scale=2.5]
  \draw[white] (0,0) node (X) {};
  \draw[white] (1,0) node (Y) {};
  \draw[white] (0.05,-0.3) node (X1) {};
  \draw[white] (0.95,-0.3) node (Y1) {};
  \only<1-2>{\draw[red, <-, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{GET request}] at ($ (X)!.5!(Y) $) {};}
  \only<1>{\draw[white, <-, line width = 1mm] (X1) -- (Y1);
  \node [inner sep=2pt,label=below:\textcolor{white}{read a cookie}] at ($ (X1)!.5!(Y1) $) {};}
  \only<2>{\draw[red, <-, line width = 1mm] (X1) -- (Y1);
  \node [inner sep=2pt,label=below:\textcolor{black}{read a cookie}] at ($ (X1)!.5!(Y1) $) {};}
  \only<3->{\draw[red, ->, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{webpage}] at ($ (X)!.5!(Y) $) {};}
  \only<3->{\draw[red, ->, line width = 1mm] (X1) -- (Y1);
  \node [inner sep=2pt,label=below:\textcolor{black}{write a cookie}] at ($ (X1)!.5!(Y1) $) {};}
  \end{tikzpicture}
\end{textblock}


\begin{textblock}{1}(9.5,5.5)
\begin{tabular}{c}
\includegraphics[scale=0.15]{../pics/laptop.png}\\[-2mm]
\small Client
\end{tabular}
\end{textblock}
  
\only<4->{  
\begin{textblock}{13}(1,11)  
\small\begin{itemize}
\item cookies: max 4KB data\\[-2mm]
\item cookie theft, cross-site scripting attacks\\[-2mm]
\item session cookies, persistent cookies, HttpOnly cookies, third-party cookies, zombie cookies 
\end{itemize}  
\end{textblock}}

\only<5>{
\begin{textblock}{11}(1,3)
\begin{bubble}[10cm]\small
{\bf EU Privacy Directive about Cookies:}\smallskip\\ ``In May 2011, a
European Union law was passed stating that websites that leave
non-essential cookies on visitors' devices have to alert the visitor
and get acceptance from them. This law applies to both individuals and
businesses based in the EU regardless of the nationality of their
website's visitors or the location of their web host. It is not enough
to simply update a website's terms and conditions or privacy
policy. The deadline to comply with the new EU cookie law was 26th May
2012 and failure to do so could mean a fine of up to
\pounds{500,000}.''  \hfill\small\textcolor{gray}{$\rightarrow$BBC
  News}, \url{www.goo.gl/RI4qhh}
\end{bubble}
\end{textblock}}
  
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{My First Real Webapp}

{\bf GET request:}\smallskip
\begin{enumerate}
\item read the cookie from client
\item if none is present, set \texttt{counter} to \textcolor{blue}{zero}
\item if cookie is present, extract \texttt{counter}
\item if \texttt{counter} is greater or equal than \textcolor{blue}{$5$}, \\
print a valued customer message\\
otherwise just a normal message
\item increase \texttt{counter} by \textcolor{blue}{$1$} and store new cookie with client
\end{enumerate}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\mbox{}\\[-9mm]

\footnotesize
\lstinputlisting{../progs/ap2.js}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]

\begin{center}
\includegraphics[scale=0.5]{../pics/barrier.jpg}
\end{center}

\begin{itemize}
\item data integrity needs to be ensured
\end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\mbox{}\\[-7mm]

\footnotesize
\lstinputlisting{../progs/ap3.js}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{SHA-1}
  
\begin{itemize}
\item SHA-1 is a cryptographic hash function\\
(MD5, SHA-256, SHA-512, \ldots) 
\item message $\rightarrow$ digest
\item attacks exist: $2^{80} \rightarrow 2^{61}$ \bigskip\pause
\item but dictionary attacks are much more effective for extracting passwords (later)
\end{itemize}  
  
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\mbox{}\\[-2mm]

{\footnotesize\lstinputlisting{../progs/ap4.js}}

\begin{textblock}{1}(9,0)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {};
  \draw[white] (3.5,0) node (Y) {};
  \draw[red, <-, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{\small should be random}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}

\begin{textblock}{1}(12.6,6.5)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {};
  \draw[white] (-1,-1) node (Y) {};
  \draw[red, <-, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:{}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}

\begin{textblock}{1}(9.9,11.5)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {};
  \draw[white] (1,-1) node (Y) {};
  \draw[red, <-, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:{}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{c}Unix Passwords\end{tabular}}

\begin{itemize}
\item passwords must \alert{\bf not} be stored in clear text
\item instead \texttt{/etc/shadow} contains
\end{itemize}

{\small
\texttt{name:\$1\$QIGCa\$/ruJs8AvmrknzKTzM2TYE.:other\_info}
}

\begin{itemize}
\item \texttt{\$} is the separator
\item \texttt{1} is MD5 (actually SHA-512 is used nowadays, \texttt{6})
\item \texttt{QIGCa} is the salt
\item \texttt{ruJs8AvmrknzKTzM2TYE.} $\rightarrow$ password + salt
\end{itemize}

\textcolor{gray}{\small
(\texttt{openssl passwd -1 -salt QIGCa pippo})
}
% Unix password
% http://ubuntuforums.org/showthread.php?p=5318038

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{@ {}c@ {}}Plain-Text Passwords\end{tabular}}

\pause
\small\textcolor{gray}{On 25 September 2012, a report on a data breach at IEEE:}


\begin{itemize}
\item IEEE is a standards organisation (not-for-profit) 
\item many standards in CS are by IEEE\medskip
\item 100k plain-text passwords were recorded in logs
\item the logs were openly accessible on their FTP server
\end{itemize}\bigskip

\begin{flushright}\small
\textcolor{gray}{\url{http://ieeelog.com}}
\end{flushright}

\only<3->{
\begin{textblock}{11}(3,2)
\begin{tikzpicture}
\draw (0,0) node[inner sep=2mm,fill=white, ultra thick, draw=red, rounded corners=2mm] 
{\normalsize\color{darkgray}
\begin{minipage}{7.5cm}\raggedright\small
\includegraphics[scale=0.6]{../pics/IEEElog.jpg}
\end{minipage}};
\end{tikzpicture}
\end{textblock}}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{c}Other Password Blunders\end{tabular}}


\begin{itemize}
\item in late 2009, when an SQL injection attack against online games 
service RockYou.com exposed 32 million \alert{plaintext} passwords

\item  1.3 million Gawker credentials exposed in December 2010 containing 
unsalted(?) \alert{MD5} hashes

\item June 6th, 2012, 6 million unsalted SHA-1 passwords were leaked from linkedIn
% linkedIn password
% http://erratasec.blogspot.co.uk/2012/06/confirmed-linkedin-6mil-password-dump.html

\item in July 2015, hackers leaked a password database from 
Ashley Madison containing 31 million passwords, many of them 
poorly hashed
\end{itemize}\medskip

\small
(web user maintains 25 separate accounts but uses just 6.5 passwords.)

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%For instance, SHA512crypt, which is included in Mac OS X and most Unix-based operating systems, passes text through 5,000 iterations, a %hurdle that would have limited Gosney to slightly less than 2,600 guesses per second. The Bcrypt algorithm is even more computationally %expensive, in large part because it subjects text to multiple iterations of the Blowfish cipher that was deliberately modified to increase the %time required to generate a hash. PBKDF2, a function built into Microsoft's .Net software developer framework, offers similar benefits.


% rainbow tables
% http://en.wikipedia.org/wiki/Rainbow_table



%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{\begin{tabular}{c}Brute Forcing Passwords\end{tabular}}

\begin{itemize}
\item How fast can hackers crack SHA-1 passwords? \pause

\item The answer is 2 billion attempts per second\\ 
using a Radeon HD 7970
\end{itemize}

\begin{center}
\begin{tabular}{@ {\hspace{-12mm}}rl}
password length & time\smallskip\\\hline
5 letters & 5 secs\\
6 letters & 500 secs\\
7 letters & 13 hours\\
8 letters & 57 days\\
9 letters & 15 years\\
\end{tabular}
\end{center}

\small
5 letters $\approx$ 100$^5$ $=$ 10 billion combinations\\ 
(1 letter - upper case, lower case, digits, symbols $\approx$ 100)

\only<2->{
\begin{textblock}{1}(12,5)
\begin{tabular}{c}
\includegraphics[scale=0.3]{../pics/radeon.jpg}\\[-6mm]
\footnotesize graphics card\\[-1mm]
\footnotesize ca.~\pounds{}300
\end{tabular}
\end{textblock}}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Passwords}

How to recover from a break in?\pause\medskip

\begin{itemize}
\item Do not send passwords in plain text.
\item Security questions are tricky to get right.
\end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{This Course}

\begin{itemize}
\item electronic voting
\item break-ins (buffer overflows)
\item access control\\ (role based, data security / data integrity)
\item protocols
\item zero-knowledge proofs
\item privacy
\begin{quote}
Scott McNealy: \\``You have zero privacy anyway. Get over it.''
\end{quote}
\item trust, bitcoins
\item static analysis
\end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Books + Homework}

\begin{itemize}
\item There is no single book I am following, but

  \begin{center}
    \includegraphics[scale=0.012]{../pics/andersonbook1.jpg}
    %%\includegraphics[scale=0.23]{../pics/accesscontrolbook.jpg}
  \end{center}\medskip\pause

\item The question ``\emph{Is this relevant for the exams?}''
      is not appreciated!\medskip\\

  Whatever is in the homework (and is not marked optional) is
  relevant for the exam. No code needs to be written.
  
\end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Further Information}

For your personal interest:

\begin{itemize}
\item RISKS mailing list 
\item Schneier's Crypto newsletter
\item Google+ Ethical Hacker group
\end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Take-Home Points}

\begin{itemize}
\item Never store passwords in plain text.\medskip
\item Always salt your hashes!\medskip
\item Use an existing crypto algorithm; do not write your own!\medskip
\item Make the party responsible for losses that is in the position to improve 
security.
\end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   



%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{\Large\begin{tabular}{c}User-Tracking Without Cookies\end{tabular}}

Can you track a user {\bf without}:

\begin{itemize}
\item Cookies
\item JavaScript
\item LocalStorage/SessionStorage/GlobalStorage
\item Flash, Java or other plugins
\item Your IP address or user agent string
\item Any methods employed by Panopticlick\\
\mbox{}\hfill $\rightarrow$ \textcolor{blue}{\url{https://panopticlick.eff.org/}}
\end{itemize}

Even when you disabled cookies entirely, have JavaScript turned off and use a VPN service.\\\pause
(And numerous sites use it.)

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Web-Protocol}

\only<1->{
\begin{textblock}{1}(2,2)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {\includegraphics[scale=0.12]{../pics/firefox.jpg}};
  \end{tikzpicture}
\end{textblock}}

\only<1->{
\begin{textblock}{1}(11,2)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {\includegraphics[scale=0.15]{../pics/servers.png}};
  \end{tikzpicture}
\end{textblock}}

\only<1->{
\begin{textblock}{1}(5,2.5)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {};
  \draw[white] (3,0) node (Y) {};
  \draw[red, ->, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{\small GET static.jpg}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}}

\only<2->{
\begin{textblock}{1}(5,6)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {};
  \draw[white] (3,0) node (Y) {};
  \draw[red, <-, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=below:\textcolor{black}{\small ETag: 7b33de1}] at ($ (X)!.5!(Y) $) {};
   \node [inner sep=5pt,label=above:{\includegraphics[scale=0.15]{../pics/tvtestscreen.jpg}}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}}

\only<3->{
\begin{textblock}{1}(4.2,11)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {};
  \draw[white] (3,0) node (Y) {};
  \draw[red, ->, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{\small GET static.jpg ETag: 7b33de1}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}}

\only<4->{
\begin{textblock}{1}(4.2,13.9)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {};
  \draw[white] (3,0) node (Y) {};
  \draw[red, <-, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=below:\textcolor{black}{\small HTTP/1.1 304 (Not Modified)}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

\end{document}



%%% Local Variables:  
%%% mode: xelatex
%%% TeX-master: t
%%% End:
author	Christian Urban <christian dot urban at kcl dot ac dot uk>
	Sun, 20 Sep 2015 22:09:58 +0100 (2015-09-20)
changeset 381	036a762b02cf
parent 199	20af800ce736
child 443	67d7d239c617
permissions	-rw-r--r--